Google sued over 'interception' of abortion data on Planned Parenthood website
Plaintiff claims they didn't consent to analytics tracking
An anonymous complainant has filed a lawsuit against Google, claiming it unlawfully collects health data, including abortion searches, on third-party websites that use Google technology.
Jane Doe, whose legal representation is looking to get the case certified as a class action, claims her private information was intercepted by Google when she used the scheduling pages on Planned Parenthood's website in 2018 to search for an abortion provider.
Doe alleges Google wrongfully collected her medical information and that of other would-be class members "without authorization and proper compensation" when its tracking tech was used by her healthcare provider.
The suit asks Google to establish a compensation fund and to stop the practice, claiming it "aided and abetted" the healthcare provider's violations of the California Confidentiality of Medical Information Act (CMIA) and is therefore liable for any infractions.
The lawsuit also cites the California Invasion of Privacy Act (CIPA), which is supposed to guard Californians against companies eavesdropping on their private communications and the invasion of privacy resulting from the "continual and increasing use of such devices and techniques."
The full complaint [PDF] alleges that Google's tracking tech pulled in information about Doe's interactions with the healthcare provider's website and also "intercepted" data about treatment she received at the Planned Parenthood affiliate in Burbank, California, that she ultimately selected using the site.
The suit claimed the plaintiff and class members didn't "authorize or consent" to the tracking, adding that they have:
a reasonable expectation of privacy in their confidential communications, including information relating to their searches for and scheduling of abortions and other medical services, and their sensitive medical information.
- FTC sues VoIP provider over 'billions of illegal robocalls'
- Privacy Framework draft isn't 'future-proof', say MEPs
- This won't hurt a bit: Amazon now a US healthcare provider
- Hey, online pharmacies: Quit spreading around everyone's data already
The lawsuit states that Google used Doe's data "to provide marketing and analytics services as well as improve its ad targeting capabilities and data points on users". It requests a jury trial.
At the time of publication, Google had not yet filed a response, but it does have policies that prohibit customers from using Google Analytics to collect Protected Health Information under HIPAA or collect any data that would identify individual users.
Prior lawsuits have concentrated on healthcare websites themselves – i.e. the websites that implemented Google solutions such as Google Analytics, or Facebook/Meta's Pixel – pointing out that the providers, and especially those who handle confidential medical information, should have had oversight of tracking data and its implementation.
One such example is the recently settled BetterHelp lawsuit. In the settlement, in which it made no admission of wrongdoing, online counselling provider BetterHelp had to pay $7.8 million and was banned from sharing consumers' health data with advertisers. The settlement resolved a 2022 complaint that claimed BetterHelp pushed users to complete an unskippable questionnaire in order to obtain services and then passed on that info to Meta (then Facebook) as well as others in order to promote its services.
The reason you'll see US privacy cases filed with claims specific to US state law is because there is no general federal legislation on data protection in the US. The lack of federal regulation is one of the reasons the US and EU are having such a hard time agreeing on Privacy Framework, their third attempt at an outline of promises that would mean EU residents' data can flow freely to US tech giants and be processed by them onshore. The EU is looking for equivalent protections that mean the privacy Europeans get would be as good as they get at home before they grant America data adequacy, something many legal experts believe may be close to impossible without a huge shift in the US.
We have asked Google for comment. ®